Risky Business Patrick Gray
-
- News
-
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
-
Risky Business #740 -- Midnight Blizzard's Microsoft hack isn't over
On this week’s show Patrick and Adam discuss the week’s security news, including:
Weather forecast in Redmond is still for blizzards at midnight
Maybe Change Healthcare wasn’t just crying nation-state wolf
Hackers abuse e-prescription systems to sell drugs
CISA goes above and beyond to relate to its constituency by getting its Ivantis owned
VMware drinks from the Tianfu Cup
Much, much more
This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director.
John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing.
Rad founder Jimmy Mesta will along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple that really, really isn’t. -
Risky Business #739 -- ALPHV exit scams while Change Healthcare burns
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response
Predator spyware maker getting a stern sanctioning
A German military WebEx meeting gets snooped
Mem-corrpution is still king
And much, much more
In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP. -
Risky Business #738 -- LockBit is down but not out. Yet.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
LockBit gets back up after takedown
Russia arrests Medibank hacker… for something else
ConnectWise gives out free updates, but customers aren’t happy
Microsoft gives in to demands for more logs
Sandvine gets entity-listed
And much much more.
Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan.
In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code. -
Risky Business #737 -- LockBit gets absolutely rekt
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
LockBit has been taken down by law enforcement
Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON
GRU gets its Moobot network shutdown
Signal adding usernames is… complicated
Much, much more
In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so. -
Soap Box: A deep dive on how Russia's SVR is hacking Microsoft 365 tenants
The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia’s SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you’re an o365 customer you’re using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.
-
Risky Business #736 -- Azure misconfigurations are 2024's looming threat
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
Somehow there are still more Ivanti and Fortinet exploits
Volt Typhoon have been at it for years
Starlink in Ukraine gets complicated
Canadians hate poor Flipper
Much, much more…
In this week’s sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren’t well equipped to deal with them.
Customer Reviews
Solid high protein security news. With humour.
Pat and Adam (plus guests) take the dry dry dry info-sec news, they inject thoughtful narrative and humour to make this a must listen. They have super in depth real world knowledge of the subject matter. They don’t pull punches but they deliver a weekly report which contains all the relevant info I need. Easily the best regular podcast about information Security news.
No BS Infosec News
Zero BS and great analysis
Straight to the point
Not filled with ads or mindless ranting. Straight to the point and up to date content, with just the right amount of discussion.
Well done everyone, you make my Wednesdays (Thursdays) something to look forward to!